[IPython-dev] pyzmq authentication

Jason Grout jason-sage at creativetrax.com
Tue May 31 14:13:23 EDT 2011


On 5/31/11 12:57 PM, MinRK wrote:
> We did briefly have an encrypted socket, but the zeromq community
> rightly opposed that rather vehemently, largely because we aren't
> security experts, and the illusion of security provided by a poor
> implementation is really *less* secure than having no security at all.
>
> Our answer with IPython is that SSH provides our security.  Typically
> the Controller listens on localhost, and the best way to connect to it
> from another machine is with an SSH tunnel (IPython does help create
> the tunnels) rather than listening on a public port.  We do provide a
> small level of additional security by including an authentication key
> in all messages that is checked when receiving to determine if the
> sender is authorized to make a request.

If I understand things correctly, if I have several frontends running 
code on a single backend server (with multiple kernels---the Sage 
notebook is my use case), then untrusted code from any of the kernels 
could connect to and mess with the other sessions, right?  Is it correct 
to say that any user could connect with any kernel running on the same 
server?

Thanks,

Jason
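
The key check described in the quoted reply, sketched as an added example that is not part of the original thread and is not IPython's code: a receiver that processes a multipart message only when its key frame matches the key it holds. The frame layout, the `<MSG>` delimiter, per-kernel keys and all function names are assumptions made for illustration.

```python
import hmac
import json
import secrets

DELIM = b"<MSG>"  # assumed marker separating routing frames from the payload


def new_session_key() -> bytes:
    """Random per-kernel key (hypothetical helper)."""
    return secrets.token_hex(16).encode()


def pack(key: bytes, content: dict, idents=()) -> list:
    """Build a multipart message: [idents..., DELIM, key, JSON content]."""
    return [*idents, DELIM, key, json.dumps(content).encode()]


def unpack(expected_key: bytes, frames: list) -> dict:
    """Return the content if the key frame matches, else raise PermissionError."""
    try:
        i = frames.index(DELIM)
        key, body = frames[i + 1], frames[i + 2]
    except (ValueError, IndexError):
        raise PermissionError("malformed message: no key frame") from None
    # Constant-time comparison: do not reveal how much of the key matched.
    if not hmac.compare_digest(key, expected_key):
        raise PermissionError("key mismatch: sender not authorized")
    return json.loads(body)


def accepts(expected_key: bytes, frames: list) -> bool:
    """True if a receiver holding expected_key would process these frames."""
    try:
        unpack(expected_key, frames)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    key_a, key_b = new_session_key(), new_session_key()  # two kernels
    msg = pack(key_a, {"code": "1+1"}, idents=[b"client-1"])  # constructed
    print("kernel A accepts:", accepts(key_a, msg))
    print("kernel B accepts:", accepts(key_b, msg))
    print("no key frame:    ", accepts(key_a, [b"client-1", DELIM]))
```

Because the key travels in every message as-is, this check only identifies holders of the key; keeping the key confidential is left to the transport, which in the quoted reply is the SSH tunnel.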


